Whitelisting PhishGuard Email Header in Exchange 2013, 2016, Microsoft 365

Modified on Thu, 11 May 2023 at 11:40 AM






Whitelisting PhishGuard Email Header in Exchange 2013, 2016, Microsoft 365


The following is the process of whitelisting phishing email headers on Exchange 2013, 2016, or Office 365 platforms.

 

Mail filters will sometimes block the emails our servers send, but there is a way to resolve this issue with whitelisting. Whitelisting allows for phishing emails sent from PhishGuard to bypass any mail filters or junk, spam and clutter folders. We do recommend however to whitelist by IP if possible (for example if you are using a cloud security system). When whitelisting by IP is not applicable, whitelisting by header is an effective way to make sure that phishing emails are delivered. Below we will show you how to set up header rules for Spam and Clutter as well as the Junk folder. 

 


Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and M365) 


  1. Log into your mail server admin portal and select Exchange under Admin center.

  2. Click mail flow from the left-hand menu and then click the + sign and select Bypass spam filtering… from the drop-down.

  3. In the new rule window, give the rule a name, such as "Bypass Clutter & Spam Filtering by Email Header".
  4. From the Apply this rule if… drop-down menu,  select A message header... then includes any of these words.
  5. On the right side of that rule, you will see *Enter text... and *Enter words...
  6. Click *Enter text... and type in PhishGuard header and its value.
  7. Next, under Do the following… ensure that this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set on the right side.
  8. Add a second action by clicking the add action button under Do the following….
  9. From the drop-down menu, select Modify the message properties then set a message header 
  10. Click the first *Enter text.... and type  X-MS-Exchange-Organization-BypassClutter then click the second *Enter text... and type true.
  11. Review all settings to make sure they are correct.

    Once you have completed this setup please allow time for the new rule to propagate. Then, set up a test phishing campaign for yourself or a small group to test out your new whitelisting rule. 

 


Bypassing the Junk Folder (M365 mail servers ONLY)

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

  1. Under Admin center, select Exchange.
  2. Select Mail Flow on the left-hand menu.
  3. Click the + and then select Create a new rule... from the drop-down menu.

  4. Give the rule a name, such as "PhishGuard - Skip Junk Filtering".
  5. From the Apply this rule if.... drop-down, select A message header... then select includes any of these words.
  6. On the right side of that rule, you will see *Enter text... and *Enter words.... Click *Enter text... and  type in PhishGuard header.
  7. Click *Enter words … and type the header value and then, click the + sign and OK.
  8. From the Do the following... drop-down menu, select Modify the message properties then Set a message header.
  9. Click on the *Enter text... button after "Set the message header" to set the message header. Enter the following text: X-Forefront-Antispam-Report. This value is case sensitive. Then, click OK.
  10. Click the *Enter text... button after "to the value" and enter "SFV:SKI;CAT:NONE;". To learn more about this header, click here. Please be aware that this field is case sensitive. Once the text is entered, click OK
  11. Beneath Properties of this rule:, set the priority to directly follow the rule you created in the previous section.
  12. Click Save.




Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article